2903 matches found
CVE-2026-11963
The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...
CVE-2026-11964
Affected software: User Registration & Membership WordPress plugin (prior to 5.2.2). Vulnerability: The plugin does not verify the authenticity of incoming payment-provider webhook notifications, enabling unauthenticated attackers to forge a payment-approved event. Impact: This can activate a pai...
CVE-2026-11964 User Registration & Membership < 5.2.2 - Unauthenticated PayPal Webhook Signature Verification Bypass Leading to Membership Activation
The User Registration & Membership WordPress plugin before 5.2.2 does not verify the authenticity of incoming payment-provider webhook notifications before acting on them, allowing unauthenticated attackers to forge a payment-approved event and activate a paid membership subscription without...
CVE-2026-11963 User Registration & Membership < 5.2.2 - Subscriber+ Cross-User Role and Membership Tier Modification via IDOR
The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...
CVE-2026-11963
Affected product: WordPress plugin “User Registration & Membership” (before 5.2.2). Vulnerability: Missing authorization check on a membership-upgrade action; the target user is derived from a caller-supplied identifier rather than the current user, enabling any authenticated user (e.g., a subscr...
PT-2026-57748
Name of the Vulnerable Software and Affected Versions Membership For WooCommerce versions prior to 3.1.1 Description A Path Traversal issue exists in the Membership For WooCommerce plugin. This flaw allows an attacker to access files and directories outside of the intended restricted directory by...
CVE-2026-56279
Capgo before 12.128.2 is affected by an information disclosure vulnerability in the get_orgs_v7(userid) RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users’ organization membersh...
EUVD-2026-42881
Capgo before 12.128.2 contains an information disclosure vulnerability in the getorgsv7userid RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users' organization membership, roles,...
CVE-2026-56279 Capgo - Information Disclosure via get_orgs_v7 RPC Endpoint
Capgo before 12.128.2 contains an information disclosure vulnerability in the getorgsv7userid RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users' organization membership, roles,...
WordPress Membership For WooCommerce plugin <= 3.1.0 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by sebbealb in WordPress Plugin Membership For WooCommerce versions = 3.1.0...
PT-2026-56993
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description The signup flow allows newly registered users to set the primary group id variable...
CVE-2026-56226 Capgo - Unauthenticated Organization Data Disclosure via get_orgs_v6 RPC
Capgo Cap-go/capgo before 12.128.2 exposes the Supabase PostgREST RPC function public.getorgsv6userid uuid, which is SECURITY DEFINER and granted to the anon role, allowing unauthenticated access. Because the function accepts a caller-supplied user UUID without verifying it matches the...
CVE-2026-3688
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.10. This is due to the 'wcfmvmmembershipchange' AJAX action not validating user permission to modify other...
EUVD-2026-42220
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.10. This is due to the 'wcfmvmmembershipchange' AJAX action not validating user permission to modify other...
CVE-2026-3688
The CVE concerns the WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress. Affected: all versions up to 2.11.10. Root cause: the wcfmvm_membership_change AJAX action does not validate a user’s permission to modify other users, enabling an authenticated vendor...
CVE-2026-3688 WCFM - WooCommerce Multivendor Membership <= 2.11.10 - Insecure Direct Object Reference to Limited Privilege Escalation via User Role Overwrite
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.10. This is due to the 'wcfmvmmembershipchange' AJAX action not validating user permission to modify other...
CVE-2026-59704
Cap’s GET /api/video/ai endpoint lacks proper ownership/membership validation, exposing private video AI metadata (titles, summaries, chapters) and enabling authenticated attackers to solicit arbitrary video IDs to read sensitive content. This may also trigger unauthorized AI generation that depl...
WordPress Ultimate Member 2.1.3 - 2.8.2 – SQL Injection
The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘sorting’ parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of...
GO-2026-5869 Rancher has over-inclusive team membership expansion in GitHub App authentication provider in github.com/rancher/rancher
Rancher has over-inclusive team membership expansion in GitHub App authentication provider in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...
CVE-2026-11855
CVE-2026-11855 affects the Simple Membership WordPress plugin prior to 4.7.5. The issue arises because Stripe webhook requests are not authenticated when no signing secret is configured, and a value taken from those requests is not escaped before being output in an administrator notice. This lead...